公开(公告)号：US20190327255A1

公开(公告)日：2019-10-24

申请号：US16455717

申请日：2019-06-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chong Zhou ,  Tienan Wang

IPC: H04L29/06

Abstract: This application discloses a distributed denial of service attack detection method. The method includes: obtaining a data stream sent to a protection object device in each detection period, obtaining total duration of each data stream; dividing each data stream into a long data stream or a short data stream based on the total duration of each data stream; adding, based on a detection period through which the long data stream goes, total data traffic of the long data stream to statistical traffic; adding data traffic of a short data stream in each detection period to the data traffic, of the long data stream, that is added to a corresponding detection period, to determine statistical traffic in each detection period; and if there is a detection period in which the statistical traffic exceeds a preset traffic threshold, determining that the protection object device undergoes a DDoS attack in the detection period.

公开(公告)号：US11095674B2

公开(公告)日：2021-08-17

申请号：US16455717

申请日：2019-06-27

Applicant: HUAWEI TECHNOLOGIES CO., LTD.

Inventor： Chong Zhou ,  Tienan Wang

IPC: H04L29/06

Abstract: This application discloses a distributed denial of service attack detection method. The method includes: obtaining a data stream sent to a protection object device in each detection period, obtaining total duration of each data stream; dividing each data stream into a long data stream or a short data stream based on the total duration of each data stream; adding, based on a detection period through which the long data stream goes, total data traffic of the long data stream to statistical traffic; adding data traffic of a short data stream in each detection period to the data traffic, of the long data stream, that is added to a corresponding detection period, to determine statistical traffic in each detection period; and if there is a detection period in which the statistical traffic exceeds a preset traffic threshold, determining that the protection object device undergoes a DDoS attack in the detection period.